In the world of cybercrime, it is not unusual to run into a new threat every few months. This time, it is a new ransomware named Black Basta. Although there are several indications of who may be behind this new malware, nothing is confirmed. What is certain is that it already has a long list of victims and is on the prowl. Several cybersecurity firms have issued alerts and recommendations. The details follow below.
Black Basta is apparently associated with the Conti group
First of all, this new threat is a RaaS (Ransomware-as-a-Service) malware that follows the formula of all its predecessors. “(It) employs the tried-and-tested tactic of double extortion to plunder sensitive information from the targets and threaten to publish the stolen data unless a digital payment is made,” experts of The Hacker News comment.
To date, it has more than 50 victims spread across countries such as the U.S., Canada, the U.K., Australia, and New Zealand. The worrying thing is that it has only been on the loose for 2 months, so its most prominent blows are expected to come very soon.
“Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more,” Cybereason said in a report.
A variant of Black Basta for Linux is already known. It is designed to strike VMware ESXi virtual machines (VMs) running on enterprise servers, putting it on par with other groups such as LockBit, Hive, and Cheerscrypt.
All this has made the headlines, and investigations have become more intense because the latest victim is Elbit Systems of America, a manufacturer of defense, aerospace, and security solutions, whose attack occurred last weekend, according to security researcher Ido Cohen.
The investigations have noted that the creators and masterminds behind Black Basta come from affiliates of the Conti group, which was being pursued by law enforcement and so decided to stop its activities as a group. In addition, many of Conti's operations, along with its attack methods, were exposed by a Ukrainian security specialist known as Danylo, since the group is said to be on the Russian side in the Russia-Ukraine conflict.
So far, the group says it remains active. However, it is strange that there has been no further information about its activities since December last year. In addition, its two Tor servers, where it communicated all its activities and attacks, are no longer in operation. So it is not surprising that Black Basta's creators come from Conti’s ranks.